Troubleshooting: Mailflow

Article:TECH149342  |  Created: 2009-03-19  |  Updated: 2014-04-08  |  Article URL
Article Type
Technical Solution


This article shows some general troubleshooting steps with PGP Messaging in an environment with the Symantec Encryption Management Server.



Symantec Encryption Management Server (formerly known as PGP Universal Server)



Your first stop are the mail logs. They display information regarding email messages for clients, including mail proxy activities, Key lookups, policy matching and resulting actions. They may give you additional help about some common issues.

To view the mail logs:

  1. Access the PGP Universal Server administrative interface.
  2. Click the Reporting card and select the Logs tab.
  3. If not already selected, click the drop down arrow and select Mail. The Mail logs are displayed.


Common issues that you may face:

Mail Queue gets filled:

  1. Check server mail queue for possible reasons message is queued.
  2. If you are using external keyservers (including global directory for key searches, make sure your firewall allows you to contact those on port 389.

To view the Mail Queue:

  1. Access the Symantec Encryption Management Server administrative interface.
  2. Click the Mail tab and select the Mail Queue tab.


Mail does not get encrypted or processed at all:

  1. Confirm that the Learn Mode is disabled on the server. Learn Mode is configured by clicking the Mail Processing Settings button on the Mail -> Proxies tab.
  2. Verify you have a valid license for the Symantec Encryption Management Server that includes Mail Proxies.
  3. Examine Mail Policy and rules on the server if messages are processed but not as expected. Click the Policy card and select the Mail Policy tab. Confirm the Mail Policy that matched the message (see the logs for this) is the one that should have matched. If not, try to find out why previous policies did not match.
  4. In case there are no log events at all, check whether mail is being routed through the Symantec Encryption Management Server. Check the settings on the Mail -> Mail Routes tab on the server.


Mail Looping

  1. Check whether your mail proxies could cause a mail to loop form between a proxy our route that you entered and also if that other gateway is set for sending messages to this server on specific conditions.


Enrollment Messages

  1. If the client enrollment via email fails due the client does not receive any message, please check the mail route on Mail -> Mail Routes tab on the server. A server that is able to send messages to your clients must be specified for your domain.


If that does not resolve your issue, you may contact the technical support at any time.


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices